Directory traversal

2008-02-2521:44:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a … (dot dot) in the recipient field.

CPENameOperatorVersion
imserverle2.0.8.1
instant_messagingle2.0.8.1

CPE	Name	Operator	Version
	imserver	le	2.0.8.1
	instant_messaging	le	2.0.8.1

References

aluigi.altervista.org/adv/ipsimene-adv.txt

aluigi.org/poc/ipsimene.zip

securityreason.com/securityalert/3697

www.securityfocus.com/archive/1/487748/100/200/threaded

www.securityfocus.com/bid/27677